Find notable cyber news and cases, enriched with sources, timelines, and signals.

AWS CodeBuild unanchored pull-request filter misconfiguration security flaw

Vulnerability
First reported
Last updated
Happening score
H score 34
1 unique sources, 1 articles

Summary

Hide ▲

AWS CodeBuild had an unanchored pull-request filter flaw that let untrusted PRs run privileged builds, creating takeover risk for core AWS GitHub repositories and the AWS Console supply chain.

Related Happenings

Amazon Q Developer MCP trust flaw (CVE-2026-12957)

Vulnerability
H score32 First: 26.06.2026 16:53 Last: 26.06.2026 16:53 Sources 1

About this happening: **Amazon Q Developer** had a **high-severity** trust-boundary flaw in **MCP server** handling that could let a malicious repository trigger commands on a developer machine and ste...

AWS Bedrock AgentCore Code Interpreter DNS exfiltration and covert C2 in Sandbox Mode

Technical Analysis
H score25 First: 16.03.2026 15:00 Last: 16.03.2026 15:00 Sources 1

About this happening: Researchers demonstrated **DNS-based exfiltration** and covert **C2** against **AWS Bedrock AgentCore Code Interpreter**, showing cloud AI code execution environments can still le...

AWS CodeBuild ACTOR_ID regex bypass security flaw

Vulnerability
H score33 First: 15.01.2026 21:31 Last: 15.01.2026 21:31 Sources 1

About this happening: **AWS CodeBuild**'s **ACTOR_ID regex filters** were misconfigured, allowing a build-trigger bypass that could expose privileged GitHub tokens and enable repository takeover. The f...

VoidLink analysis reveals Kubernetes/Docker checks and modular anti-analysis behavior

Technical Analysis
H score28 First: 14.01.2026 00:12 Last: 14.01.2026 00:12 Sources 1

About this happening: **VoidLink** is a **Linux C2 framework** built for **cloud and container environments**, with **multi-cloud targeting** across **AWS, Google Cloud Platform, Microsoft Azure, Aliba...

VoidLink modular Linux malware framework for cloud and container operations

Malware Activity
H score28 First: 13.01.2026 16:31 Last: 13.01.2026 16:31 Sources 1

About this happening: Researchers uncovered **VoidLink**, a new **Linux malware framework** that expands **C2**, **persistence**, and **post-exploitation** options against **cloud and container environ...

Latest development: 21.01.2026 14:51

Check Point Research concluded that the VoidLink Linux malware targeting Linux-based cloud servers was largely built by AI, likely under the direction of one person, after reviewing exposed planning documents, AI-generated documentation, and the malware's rapid evolution from concept to a working framework in about four weeks rather than the planned 30 weeks.

Timeline

  1. 15.01.2026 17:00 2 articles · 5mo ago

    CodeBreach exposed AWS CodeBuild pull-request filter bypass

    Technical Analysis Update

    Wiz Research disclosed CodeBreach, a critical AWS CodeBuild misconfiguration in the pull-request trigger path that let untrusted pull requests bypass an unanchored ACTOR_ID regex, run privileged builds, steal GitHub credentials from build memory, and gain control of core AWS GitHub repositories including aws/aws-sdk-js-v3; AWS said it anchored the affected regex filters, revoked exposed credentials, and added the Pull Request Comment Approval build gate.

    Show sources